Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Why feign performs urlencode twice on the query parameter values?

See original GitHub issue

Feign encodes a query string twice that : finally becomes %253A and the correct result should be %3A.

First encoding happens when creating a RequestTemplate (ReflectiveFeign.java:213) RequestTemplate template = resolve(argv, mutable, varBuilder);

Second encoding happens when constructing a Request (SynchronousMethodHandler.java:88) Request request = targetRequest(template);

Though one of the RequestTemplate’s query() methods accepts a boolean parameter to determine whether to encode the query parameter values, the default value of this boolean is false and there is no way to change its value.

Finally, I have to write a RequestInterceptor to decode the query parameter values between the two encodings.

Why would feign do two encodings on query parameter values? Is it a bug or did I miss something?

Issue Analytics

State:
Created 7 years ago
Comments:7 (2 by maintainers)

Top GitHub Comments

1reaction

ryeyaocommented, Mar 30, 2017

@kgym here is my quick workaround (ugly but works)：

@Component
public class FeignMonitorRequestInterceptor implements RequestInterceptor {
    private static String urlDecode(String arg) {
        try {
            return URLDecoder.decode(arg, Util.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    @Override
    public void apply(RequestTemplate template) {
        
        for (String key : template.queries().keySet()) {
            Collection<String> values = template.queries().get(key);
            if (allValuesAreNull(values)) {
                continue;
            } else {
                Collection<String> encodedValues = new ArrayList<String>();
                for (String value : values) {
                    encodedValues.add(urlDecode(value));
                }
                template.query(true, key, encodedValues);
            }
        }
    }

    private boolean allValuesAreNull(Collection<String> values) {
        if (values == null || values.isEmpty()) {
            return true;
        }
        for (String val : values) {
            if (val != null) {
                return false;
            }
        }
        return true;
    }
}

0reactions

kdavisk6commented, Jul 26, 2018

Duplicate of #662

Top Results From Across the Web

Avoid Double Encoding of URL query param with Spring's ...

No matter which of these I use, encoding the url query param with URLEncoder::encode gets double encoded and using this encoding leaves the...

Double Encoding | OWASP Foundation

This attack technique consists of encoding user request parameters twice in hexadecimal format in order to bypass security controls or cause unexpected ......

Spring Cloud OpenFeign

Feign is a declarative web service client. It makes writing web service clients easier. To use Feign create an interface and annotate it....

Double URL Encoding | Imperva

This is when the value of a specific parameter holds an actual URL in it, such as a redirect after a login page....

curl.1 the man page

To URL-encode the value of a form field you may use --data-urlencode. If any of these options is used more than once on...